Patch Tuesday
One vulnerability bears a striking resemblance to an 0day that was actively exploited in the wild in November 2023.
A CVSS 9,8 bug that lets attackers spoof legitimate connectors between Microsoft/Azure services is the pick of the bunch...
"Loaded by default on just about every version of Windows, so it provides a broad attack surface"
A CVSS 9.8, pre-auth RCE that lets an attacker execute arbitrary code without user interaction is wormable on systems where Message Queuing is enabled.
From SAP, an "update that only became necessary because the Security Note was accidentally previously deleted" and from Microsoft, some strange assessments.
Microsoft patched 86 security flaws including multiple Critical vulnerabilities in Windows and Teams as part of this month's Patch Tuesday update
Happy Patch Tuesday: Have some critical SAP vulnerabilities affecting pretty much every internet-facing product whilst you're at it...
Although May Patch Tuesday she be but little, she is fierce: Microsoft has pushed out a modest 38 new security fixes for its monthly fix cycle , but don’t get caught napping: They include fixes for a pre-authentication remote code execution (RCE) vulnerability in Outlook, CVE-2023-29325, that requires no user
Microsoft has urged users to patch a zero day in the Windows Common Log File System (CLFS) that allows elevation by a local attacker to SYSTEM privileges and which is being exploited in the wild. CVE-2023-28252 was reported by a member of China’s DBAPPSecurity WeBin Lab and as that